AUTHLIB Procedure

TABLES Statement

Used after a CREATE, MODIFY, REMOVE, REPAIR, and REPORT statement to specify the tables to process a statement action. Also, you can specify the current passwords or encryption key value of the data sets in the TABLES statement, if different from the metadata-bound library passwords or recorded encryption key.

Default: When no TABLES statement is specified, the TABLES _ALL_ statement is the default behavior.
Requirement: The TABLES statement must be preceded by a CREATE, MODIFY, REMOVE, REPAIR, REPORT, or another TABLES statement.
Tip: Each password and encryption key option must be coded on a separate line to ensure that they are properly blotted in the log.
Using the TABLES Statement

Syntax

Required Argument

SAS-dataset(s) | _ALL_ | _NONE_

SAS-dataset(s)

name of one or more SAS data sets

_ALL_

specifies password options to apply to all data sets.

_NONE_

limits the action of the previous CREATE, MODIFY, or REPAIR statements to the library level and does not apply the action to any table.

Optional Arguments

/

is required if any options are included, such as passwords or MEMTYPE=. Here is an example:

tables table-name / pw=password;

ENCRYPT=YES | NO | AES

specifies the encryption type.

YES

specifies the SAS Proprietary algorithm.

NO

specifies no encryption.

AES

specifies Advanced Encryption Standard (AES) encryption and is required if changing and encrypting with a new key value and TABLESONLY=YES in the action statement.

See Encrypted Data Set Considerations

ENCRYPTKEY=key-value </ key-value>

specifies a key value for AES encryption.

Requirement ENCRYPTKEY= data set option is required if the data file has AES encryption and the key is not recorded for the library.
Tip The ENCRYPTKEY= value is a passphrase that can be up to 64 characters long from which the actual AES encryption key is later derived, but it is referred to as the encryption key in most SAS documentation.
See Encrypted Data Set Considerations
ENCRYPTKEY= Data Set Option in SAS Data Set Options: Reference

MEMTYPE= DATA | VIEW

restricts processing to a single member type of DATA or VIEW. If not specified, then the default is both types.

DATA

specifies SAS data file member type.

VIEW

specifies SAS view member type.

Alias MTYPE=, MT=
Default ALL

PW=all-password </ <new-all-password>>

specifies the current password of the data set.

ALTER=alter-password </ <new-alter-password>>

specifies the current ALTER= password of the data set.

READ=read-password </ <new-read-password>>

specifies the current READ= password of the data set.

WRITE=write-password </ <new-write-password>>

specifies the current WRITE= password of the data set.

Tip
All password values must be valid SAS names with a maximum length of 8 characters.

Details

Using the TABLES Statement

The TABLES statement is primarily used to specify the current password(s) and encryption key(s) on data sets when different from the current metadata-bound library required password(s) or encryption key(s). A TABLES statement usually follows a CREATE or MODIFY statement to make the data set passwords and encryption keys change to the metadata-bound library passwords and encryption keys. For an example, see Binding a Library When Existing Data Sets Are Protected with Different Passwords.
TABLES _NONE_ can be used to limit the action of the previous CREATE, MODIFY, or REPAIR statements to the library level and not apply the action to any table. TABLES _ALL_ is the default behavior if no TABLES statement is specified. You might wish to write an explicit TABLES _ALL_ if you want to specify passwords or encryption key values to use when opening all data sets.

Using the TABLES Statement with the CREATE Statement

The CREATE statement can be followed by one or more TABLES statements to specify current passwords or encryption key values for data sets when different from the metadata-bound library passwords and encryption keys. If the TABLES statement is not used, then only two groups of data sets are bound:
  • data sets without passwords or encryption keys
  • data sets with passwords or encryption key values matching the metadata-bound library
In effect, omitting TABLES statements is equivalent to specifying one TABLES _ALL_ statement. For more information, see CREATE Statement.

Using the TABLES Statement with the MODIFY Statement

The MODIFY statement can be followed by one or more TABLES statements to specify modifications to passwords or an encryption key value in the data sets. If no TABLES statement follows the MODIFY statement, then there is an implicit TABLES _ALL_ statement. A separate TABLES statement is required for sets of data sets (tables) that might have different current passwords or encryption keys. For more information, see MODIFY Statement.

Using the TABLES Statement with the REPAIR Statement

When using the REPAIR statement, one of the ADD, UPDATE, or DELETE actions must be specified. LOCATION, METADATA, or both are used to clarify if the action is to apply to the physical security information in file system, to the metadata objects in the SAS Metadata Server, or to both. The REPAIR statement can be followed by one or more TABLES statements to perform the same action on the specified data sets. However, you cannot specify a new password or encryption key value in a TABLES statement that follows a REPAIR statement. For more information, see REPAIR Statement.

Using the TABLES Statement with the REMOVE Statement

You can use a TABLES statement with TABLESONLY=YES in the REMOVE statement to only remove the location information and secured table objects for specific tables in the metadata-bound library. If you do not use TABLESONLY=YES with a TABLES statement, then the secured library object and all secured table objects are deleted by the REMOVE statement.
When you use the TABLES statement after the REMOVE statement, an ENCRYPT=NO option removes the encryption on the data set as the table is being removed. For more information, see Encrypted Data Set Considerations. This process is necessary only if the administrator is trying to remove the passwords or encryption of a data set.
If you are removing the binding of the physical library to metadata or the physical library is not bound to a secured library, then you might want to modify the data set passwords or encryption to some other value. You are not restricted to changing to a common metadata-bound library password or encryption. You might choose to specify both a current and new password or current and new encryption key separated by a slash (/) in the REMOVE statement. If you want the different data sets to have unique passwords or encryption, then use the following two steps:
  1. Change the PW= option for the data sets using a REMOVE statement with TABLESONLY=YES and an individual TABLES statement for each unique password and encryption.
  2. Remove the metadata-bound library using a REMOVE statement without TABLESONLY=YES.

Using the TABLES Statement with the REPORT Statement

The TABLES statement is syntactically accepted with the REPORT statement but has little use. Specifying TABLES limits the report to the tables listed if used. For more information, see REPORT Statement.